Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use CVE>Impact as severity when it is not empty (RedHat OVAL)

Browse Source
This commit is contained in:
kota kanbe
2017-08-13 22:17:25 +09:00
parent dbceca8780
commit 47a444e795
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
oval/redhat.go
View File

@@ -124,12 +124,17 @@ func (o RedHatBase) convertToModel(cveID string, def *ovalmodels.Definition) *mo
score2, vec2 := o.parseCvss2(cve.Cvss2)
score3, vec3 := o.parseCvss3(cve.Cvss3)
severity := def.Advisory.Severity
if cve.Impact != "" {
severity = cve.Impact
}
return &models.CveContent{
Type: models.NewCveContentType(o.family),
CveID: cve.CveID,
Title: def.Title,
Summary: def.Description,
Severity: def.Advisory.Severity,
Severity: severity,
Cvss2Score: score2,
Cvss2Vector: vec2,
Cvss3Score: score3,